Projects STRLCPY PCredz Commits 3036487d
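--- a/Pcredz
+++ b/Pcredz
@@ -68,16 +68,6 @@
 timestamp = options.timestamp
 start_time = time.time()
 
-http_userfields = [b'log',b'login', b'wpname', b'ahd_username', b'unickname', b'nickname', b'user', b'user_name',
- b'alias', b'pseudo', b'email', b'username', b'_username', b'userid', b'form_loginname', b'loginname',
- b'login_id', b'loginid', b'session_key', b'sessionkey', b'pop_login', b'uid', b'id', b'user_id', b'screename',
- b'uname', b'ulogin', b'acctname', b'account', b'member', b'mailaddress', b'membername', b'login_username',
- b'login_email', b'loginusername', b'loginemail', b'uin', b'sign-in', b'j_username']
-
-http_passfields = [b'ahd_password', b'pass', b'password', b'_password', b'passwd', b'session_password', b'sessionpassword',
- b'login_password', b'loginpassword', b'form_pw', b'pw', b'userpassword', b'pwd', b'upassword', b'login_password',
- b'passwort', b'passwrd', b'wppassword', b'upasswd', b'j_password']
-
 Filename = str(os.path.join(os.path.dirname(__file__),"CredentialDump-Session.log"))
 l= logging.getLogger('Credential-Session')
 l.addHandler(logging.FileHandler(Filename,'a'))
@@ -92,8 +82,6 @@
  return
  with open(outfile,"r") as filestr:
  if re.search(codecs.encode(user,'hex'), codecs.encode(filestr.read().encode('latin-1'),'hex')):
- return False
- elif re.search(re.escape(b'$'), user):
  return False
  with open(outfile,"a") as outf2:
  outf2.write(data + '\n')
@@ -379,13 +367,15 @@
 def ParseDataRegex(decoded, SrcPort, DstPort):
  HTTPUser = None
  HTTPass = None
- for user in http_userfields:
- user = re.findall(b'(%s=[^&]+)' % user, decoded['data'], re.IGNORECASE)
+ HTTPusername = re.search(b'log|login|wpname|ahd_username|unickname|nickname|user|user_name|alias|pseudo|email|username|_username|userid|form_loginname|loginname|login_id|loginid|session_key|sessionkey|pop_login|uid|id|user_id|screename|uname|ulogin|acctname|account|member|mailaddress|membername|login_username|login_email|loginusername|loginemail|uin|sign-in|j_username', decoded['data'])
+ if HTTPusername:
+ user = re.findall(b'(%s=[^&]+)' % HTTPusername.group(0), decoded['data'], re.IGNORECASE)
  if user:
  HTTPUser = user
  
- for password in http_passfields:
- passw = re.findall(b'(%s=[^&]+)' % password, decoded['data'], re.IGNORECASE)
+ HTTPPasswd = re.search(b'ahd_password|pass|password|_password|passwd|session_password|sessionpassword|login_password|loginpassword|form_pw|pw|userpassword|pwd|upassword|login_passwordpasswort|passwrd|wppassword|upasswd|j_password', decoded['data'])
+ if HTTPPasswd:
+ passw = re.findall(b'(%s=[^&]+)' % HTTPPasswd.group(0), decoded['data'], re.IGNORECASE)
  if passw:
  HTTPass = passw
  
@@ -556,22 +546,22 @@
  pass
  
  if SrcPort == 445:
- SMBRead_userfields = [b'Administrator',b'user', b'email', b'username', b'session_key', b'sessionkey']
- SMBRead_passfields = [b'cpassword',b'password', b'pass', b'password', b'_password', b'passwd', b'pwd']
- for password in SMBRead_passfields:
- passw = re.findall(b'(?<=%s )[^\\r]*'%(password), decoded['data'], re.IGNORECASE)
- if passw:
- Message = "Found a password in an SMB read operation:\n%s:\n\"[%s]\""%(password.decode('latin-1'), b''.join(passw).decode('latin-1'))
+ SMBRead_passfields = re.search(b'cpassword|password|passwd', decoded['data'],re.IGNORECASE)
+ SMBRead_userfields = re.search(b'Administrator|user|email|username', decoded['data'],re.IGNORECASE)
+ if SMBRead_passfields:
+ smbpassw = re.findall(b'(?<=%s)[^\\r]*'%(SMBRead_passfields.group(0)), decoded['data'], re.IGNORECASE)
+ if smbpassw:
+ Message = "Found a password in an SMB read operation:\n[%s]\n"%(decoded['data'][95:].decode('latin-1'))
  HeadMessage = Print_Packet_Details(decoded,SrcPort,DstPort)
  if PrintPacket(Filename,Message):
  l.warning(HeadMessage)
  l.warning(Message)
  print(HeadMessage+'\n'+Message)
  
- for users in SMBRead_userfields:
- user = re.findall(b'(?<=%s )[^\\r]*'%(users), decoded['data'], re.IGNORECASE)
- if user:
- Message = "Found a username in an SMB read operation:\n%s:\n\"[%s]\""%(users.decode('latin-1'), b''.join(user).decode('latin-1'))
+ if SMBRead_userfields:
+ smbuser = re.findall(b'(?<=%s)[^\\r]*'%(SMBRead_userfields.group(0)), decoded['data'], re.IGNORECASE)
+ if smbuser:
+ Message = "Found a username in an SMB read operation:\n%s\n"%(decoded['data'][95:].decode('latin-1'))
  HeadMessage = Print_Packet_Details(decoded,SrcPort,DstPort)
  if PrintPacket(Filename,Message):
  l.warning(HeadMessage)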
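Review bot: The two new `re.search` alternations in ParseDataRegex (new lines 370 and 376) return the first listed name found anywhere in the payload rather than an actual field name, so `log` wins over `login` and `user` or `id` can match inside unrelated text; the following `findall` for `<match>=` then comes back empty even though a listed field is present, which the removed per-name loop did not do. The password pattern also lost a separator: `login_passwordpasswort` should read `login_password|passwort`. Unlike the `findall` calls, both searches omit `re.IGNORECASE`. Tying the search to a real `name=` pair, e.g. `re.search(rb'\b(?:log|login|…|j_username)(?==)', decoded['data'], re.IGNORECASE)`, would fix the first point; indentation is lost on this page, but if `user` and `passw` are assigned only under the new `if`, they should be set to `None` before the `if user:` / `if passw:` checks. ParseDataRegex continues outside the hunk.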